Computer platforms (or simply platforms) incorporate multiple components (e.g., a CPU, chipset, and video processor or card) that run dedicated software called firmware (also referred to as platform firmware). The portion of firmware that is hardcoded or stored in a Read Only Memory (ROM) is considered immutable and is therefore expected not to vary over time. Platform firmware includes the first set of instructions executed by a computer system. To protect this important set of instructions from attacks or unintentional corruption, current solutions guard an image of the firmware by making it part of the root of trust. The root of trust originates in the platform hardware and passes from the hardware to the software through the platform firmware, so the firmware becomes a critical link in the chain of trust.
To correct bugs and/or add features to the firmware, there is generally another portion of the platform firmware that is programmable and updatable. Methods of compromising platform firmware are continually being developed. Compromising platform firmware gives an attacker an arsenal of very useful tools against a computer system. Unlike software attacks, compromised firmware is both hard to detect and difficult for a computer system to recover from. Compromised firmware is mostly invisible to the software layer of a computer system, including most anti-virus and spyware tools. This invisibility makes firmware an ideal home for rootkits. Rootkits are compact and dormant malicious hooks in the platform that attain the highest possible privilege and the lowest visibility to running software. Their primary function is to provide an application programming interface (API) to viruses and worms on an infected system.
Furthermore, the potential damage from a malicious firmware attack is far worse than that of a software attack because of the persistent nature of the firmware. For example, a denial of service (DoS) attack on the system software stack may result in a corrupted Operating System (OS) stack that needs to be reinstalled. In contrast, a DoS attack carried out through compromised firmware may leave the platform completely unbootable and unusable. Recovering from such firmware corruption may require reinstalling a backup image of the firmware.
Contents of a non-volatile memory (e.g., a hard disk drive or solid state drive) can be protected at the host end by the operating system or ring-0 software. However, any ring-0 malware can gain access to the non-volatile memory and therefore corrupt any data on it, including backup images of the firmware or any other software that needs protection. Enabling a non-volatile memory password to protect the data is also prone to malicious attacks. For example, when a user is prompted to enter the password for the non-volatile memory at boot time, the password is exposed to software attacks, whether external or internal. Additionally, partitioning a non-volatile memory into separate areas does not, by itself, provide meaningful protection of the data on the drive.
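The hardware-anchored chain of trust described above, together with the check a recovery path would run on a backup image before restoring it, modelled in Python as an added example that is not part of the original text: expected digests live in a manifest whose own digest is the value burned into immutable ROM, so ring-0 malware that rewrites both an image and the on-disk manifest still fails the check. Stage names, images and the manifest layout are constructed for illustration.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    """Digest used to measure every image in the chain."""
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for the updatable firmware stages (not real images).
GOOD_IMAGES = {
    "platform_firmware": b"constructed platform firmware image v2.3",
    "os_loader": b"constructed OS loader image v7",
}
BOOT_ORDER = ["platform_firmware", "os_loader"]

# Expected digest of each stage. The manifest itself may live in updatable
# storage; only its digest is burned into the immutable ROM.
MANIFEST = {name: sha256_hex(img) for name, img in GOOD_IMAGES.items()}

def manifest_digest(manifest: dict) -> str:
    """Deterministic digest over a canonical serialization of the manifest."""
    blob = "\n".join(f"{k}:{manifest[k]}" for k in sorted(manifest)).encode()
    return sha256_hex(blob)

ROM_ANCHOR = manifest_digest(MANIFEST)  # immutable root-of-trust value

def verify_boot_chain(images: dict, manifest: dict, rom_anchor: str,
                      order=BOOT_ORDER):
    """Measure each stage in boot order and halt at the first mismatch.

    Returns (True, None) on success or (False, failing_stage) otherwise.
    The manifest is checked against the ROM anchor first, so editing the
    on-disk manifest to match a tampered image does not pass the check.
    """
    if manifest_digest(manifest) != rom_anchor:
        return False, "manifest"
    for name in order:
        if sha256_hex(images.get(name, b"")) != manifest[name]:
            return False, name
    return True, None

def select_restore_image(candidates, manifest: dict, stage: str):
    """Return the first backup whose digest matches the anchored manifest,
    or None if every candidate has been corrupted (e.g. by ring-0 malware)."""
    for img in candidates:
        if sha256_hex(img) == manifest[stage]:
            return img
    return None

if __name__ == "__main__":
    print(verify_boot_chain(GOOD_IMAGES, MANIFEST, ROM_ANCHOR))  # (True, None)
```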
Current technologies have very poor, if any, mechanisms for providing a protected storage for the backup image of platform firmware or for any other software that needs protection.